Skip to content

Commit

Permalink
Reduce required physical fuses for Caliptra 1.x (#226)
Browse files Browse the repository at this point in the history
Reduce required IDEVID CERT IDEVID ATTR fuse utilization to 352 bits and HSM IDENTIFIER to 0 bits
  • Loading branch information
varuns-nvidia authored Oct 9, 2024
1 parent 12f4636 commit b58f5fa
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions doc/Caliptra.md
Original file line number Diff line number Diff line change
Expand Up @@ -1185,8 +1185,8 @@ The following table describes Caliptra's fuse map:
| FMC KEY MANIFEST SVN | 32 | ROM FMC RUNTIME | In-field programmable | FMC security version number. |
| RUNTIME SVN | 128 | ROM FMC RUNTIME | In-field programmable | Runtime firmware security version number. |
| ANTI-ROLLBACK DISABLE | 1 | ROM FMC RUNTIME | SoC manufacturing or in-field programmable | Disables anti-rollback support from Caliptra. (For example, if a Platform RoT is managing FW storage and anti-rollback protection external to the SoC.) |
| IDEVID CERT IDEVID ATTR | 768 | ROM FMC RUNTIME | SoC manufacturing | IDevID Certificate Generation Attributes. See [IDevID certificate section](#idevid-certificate)
| IDEVID MANUF HSM IDENTIFIER | 128 | ROM FMC RUNTIME | SoC manufacturing | Spare bits for Vendor IDevID provisioner CA identifiers. |
| IDEVID CERT IDEVID ATTR | 768, 352 used | ROM FMC RUNTIME | SoC manufacturing | IDevID Certificate Generation Attributes. See [IDevID certificate section](#idevid-certificate). Caliptra only uses 352 bits. Integrator is not required to back the remaining 416 bits with physical fuses.
| IDEVID MANUF HSM IDENTIFIER | 128, 0 used | ROM FMC RUNTIME | SoC manufacturing | Spare bits for Vendor IDevID provisioner CA identifiers. Caliptra does not use these bits. Integrator is not required to back these with physical fuses. |
| LIFE CYCLE | 2 | ROM FMC RUNTIME | SoC manufacturing | **Caliptra Boot Media Integrated mode usage only**. SoCs that build with a Boot Media Dependent profile don’t have to account for these fuses.<br> - '00 - Unprovisioned <br> - '01 - Manufacturing<br> - '10 - Undefined<br> - '11 - Production<br> **Reset:** Can only be reset on powergood. |
| LMS VERIFY | 1 | ROM | In-field programmable | - 0 - Verify Caliptra firmware images with ECDSA-only.<br> - 1 - Verify Caliptra firmware images with both ECDSA and LMS. |
| LMS REVOCATION | 32 | ROM | In-field programmable | One-hot encoded list of revoked Vendor LMS Public Keys. |
Expand Down

0 comments on commit b58f5fa

Please sign in to comment.